auth.setPersistence() not supported (no way to offer 'keep me logged in' ?).

[nisserne]

Via firebaseUI-angular I came across the undocumented ui.disableAutoSignIn(). However, how to use this one-way switch to offer a super-standard 'keep me signed in' option (security requirement) ?

I tried to use auth.setPersistence(), but this behaves weird in combination with firebaseUI (auto signs out first instance, when opening a second instance etc.).

[bojeil-google]

ui.disableAutoSignIn() is only for one-tap sign-in. It is not related to Firebase Auth sessions.

setPersistence basically decides whether the user should be persisted across windows and on browser restart (local), whether it will persist only on the current window and will be cleared on close (session) or whether no persistence is applied (none).

[nisserne]

bojeil-google, I don't know what one-tap sign-in is (?), but I will ignore the function then. What are you saying about setPersistence(), is this not the way to add a 'keep me signed in' option to firebaseUI?

[bojeil-google]

Please read the documentation. By default we keep the user signed in. So you probably don't need to do anything.

[nisserne]

Thank you bojeil-google. I have read the documentation, but the problem is exactly that the auth persistence is hard. I need a "DO NOT keep me signed in" mode. How should a user protect his data, if visiting his account on a public device, when auth persistence is implicit set to LOCAL? Shouldn't firebaseUI include a 'Keep me signed in' option, or support an outer wrapper for this?

I have tried to call auth.setPersistence(), but this seems to be incompatible with the Email/Link sign-in as this completes the sign-in in a second browser tab: https://stackoverflow.com/questions/60723668/has-firebaseui-no-keep-me-signed-in-option

[nisserne]

I have now figured out a working setup for managing authentication persistence outside of firebaseUI. https://stackoverflow.com/questions/60723668/has-firebaseui-no-keep-me-signed-in-option/60810290#60810290.